Red Teaming Terms and Definitions
Who is Red Teaming for?
Due to the nature of a red team exercise, it is generally built to test the maturity and readiness (in terms of defense) of an organization. So if an organization has no security processes and procedures, no SOC, and no mature information security team covering all or most security aspects, it does not need red teaming, yet.
A red team exercise tests the organization's overall people, process and technology (PPT), wherever they are believed to exist.
FAQ
Is Red Teaming more advanced than Penetration testing?
No, it is not.
Is Red Teaming an alternative to Penetration testing?
No, it is not.
Teams Colors
Red Team
Blue Team
Purple Team
White Team
Green Team
Yellow Team
Red team Definitions
APT – Advanced Persistent Threat
Tradeoff
Command and Control / C2 – the influence an attacker has over a compromised computer system they control, and the channel through which that control is exercised.
Exfiltration
is the extraction of information from a target. This is typically through a covert channel.
Indicator Of Compromise (IOC)
are artifacts that identify or describe threat actions.
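To make the definition concrete from the defender's side, here is an added example (not part of the original page) that takes a small, constructed set of IOCs (an IP address, a domain and a file hash) and matches them against constructed key=value log lines. The log format, the field names (src, dst, query, sha256) and the indicator values are all assumptions made for the example; the IP and domain come from reserved documentation ranges.

```python
"""Match a small set of indicators of compromise (IOCs) against log lines.

Added example, not from the original page: the IOC set, the log format and
the sample log lines below are constructed for illustration only.
"""
from typing import Dict, List, Tuple

# Constructed IOC set, grouped by artifact type. In practice this would come
# from a threat report or a threat-intelligence feed.
IOCS: Dict[str, set] = {
    "ip": {"203.0.113.42"},                  # TEST-NET-3 documentation range
    "domain": {"update-check.example.net"},  # reserved example domain
    "sha256": {
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
    },
}

# Which log fields carry which artifact type (assumed log schema).
FIELD_TYPES = {"src": "ip", "dst": "ip", "query": "domain", "sha256": "sha256"}

# Constructed sample log lines in a simple "key=value" format.
SAMPLE_LOGS = [
    "ts=2024-01-01T10:00:01Z src=10.0.0.5 dst=198.51.100.7 action=allow",
    "ts=2024-01-01T10:00:02Z src=10.0.0.5 dst=203.0.113.42 action=allow",
    "ts=2024-01-01T10:00:03Z host=ws01 query=update-check.example.net",
    "ts=2024-01-01T10:00:04Z host=ws01 file=C:\\tmp\\a.exe "
    "sha256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "ts=2024-01-01T10:00:05Z host=ws02 file=C:\\tmp\\b.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
]


def parse_kv(line: str) -> Dict[str, str]:
    """Parse a whitespace-separated 'key=value' line into a dict."""
    fields: Dict[str, str] = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def match_iocs(line: str, iocs: Dict[str, set] = IOCS) -> List[Tuple[str, str, str]]:
    """Return (ioc_type, field, value) for every field whose value is a known IOC.

    Values are lower-cased before comparison so that hashes and domains match
    regardless of the case the log source emitted them in.
    """
    hits: List[Tuple[str, str, str]] = []
    fields = parse_kv(line)
    for field, ioc_type in FIELD_TYPES.items():
        value = fields.get(field)
        if value is None:
            continue
        if value.lower() in iocs.get(ioc_type, set()):
            hits.append((ioc_type, field, value))
    return hits


def scan_logs(lines: List[str], iocs: Dict[str, set] = IOCS) -> List[dict]:
    """Scan many log lines and return one alert per line that contains an IOC."""
    alerts = []
    for line in lines:
        hits = match_iocs(line, iocs)
        if hits:
            alerts.append({"line": line, "hits": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_logs(SAMPLE_LOGS):
        for ioc_type, field, value in alert["hits"]:
            print(f"IOC hit [{ioc_type}] {field}={value} :: {alert['line']}")
```

Matching on exact artifacts like this is the cheapest form of detection and also the easiest for an adversary to evade by rotating infrastructure or recompiling a payload, which is why the later terms on this page (TTPs, threat emulation) matter: behaviour-based detections outlast indicator-based ones.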
OPFOR – Opposing Force
or enemy force; a term typically used by the military in wargaming scenarios.
Operation Impact
An operation impact is the effect of a goal-driven action within a target environment
Threat
is an expression of intention to inflict evil, injury or damage.
Threat Emulation
is the process of mimicking the TTPs of a specific threat.
TTPs
are Tactics/Tools, Techniques, and Procedures
Tradecraft
the techniques and procedures of espionage. Tradecraft is typically associated with the intelligence community. TTPs and tradecraft are used interchangeably.
Post Exploitation
TBD
Pivoting
a network-based technique to bypass or circumvent restrictions in order to reach a host that is not directly accessible or routable from the attacker's machine.
Lateral Movement
an operating-system-based technique to access other hosts in the network using stolen credentials, SSO sessions, or tokens, in order to execute further actions with or without direct interaction from the attacker's machine.
Assumed-compromised / Assumed-Breach
a starting red team phase that gives the red team an initial foothold in the network. It is usually used to shorten the exercise by avoiding the time consumed by the Get-in phase, which includes, but is not limited to, OSINT, social engineering, physical security bypass, etc.
White-card
is a sanctioned "cheat" that the red team may request from the white team if it gets stuck in a certain phase (note: a white-card can be raised even after gaining a foothold). A white-card generally treats the red team's current or next step as assumed-compromised so that the exercise's ultimate goal can still be reached.
Resources